MA-144.122008: MyCERT Special Alert - Mozilla Firefox Multiple Vulnerabilities

Initial Release: 23rd December 2008

1.0 Introduction

MyCERT is aware that multiple vulnerabilities have been found in the Mozilla Firefox web browser and could pose a security threat to users of the browser. The vulnerabilities are tracked under the following CVE identifiers:

- CVE-2008-5500
- CVE-2008-5501
- CVE-2008-5502
- CVE-2008-5503
- CVE-2008-5504
- CVE-2008-5505
- CVE-2008-5506
- CVE-2008-5507
- CVE-2008-5508
- CVE-2008-5510
- CVE-2008-5511
- CVE-2008-5512
- CVE-2008-5513

2.0 Impact

Successful exploitation could allow an intruder to bypass certain security restrictions, obtain sensitive and secret information, conduct cross-site scripting attacks, or potentially compromise a user's system. Some of the vulnerabilities lead to memory corruption, which could be exploited to run arbitrary code or to cause a denial of service (DoS) condition.

3.0 Affected Products and Platforms

Mozilla Firefox 3.x & Mozilla Firefox 2.0.x

4.0 Mitigation

Users are advised to promptly upgrade the web browser to the latest version (version 3.0.5) at the mentioned URL [1].

5.0 References

| [1] | Mozilla Firefox and Thunderbird download page | | http://www.mozilla.com/en-US/products/download.html?product=firefox-3.0.5 |
| [2] | Secunia Advisories | | http://secunia.com/advisories/33203/ |
| [3] | F-Secure Vulnerability Information | | http://www.f-secure.com/vulnerabilities/SA33203 |
| [4] | Mozilla Foundation Security Advisory 2008-60 | | http://www.mozilla.org/security/announce/2008/mfsa2008-60.html |
| [5] | Mozilla Foundation Security Advisory 2008-64 | | http://www.mozilla.org/security/announce/2008/mfsa2008-64.html |
| [6] | Mozilla Foundation Security Advisory 2008-65 | | http://www.mozilla.org/security/announce/2008/mfsa2008-65.html |
| [7] | F-Secure Vulnerability Information : Mozilla Firefox 2 Multiple Vulnerabilities | | http://www.f-secure.com/vulnerabilities/SA33184 |

Users and organizations may contact MyCERT for further assistance or questions. MyCERT can be reached at:

E-mail : mycert@mycert.org.my
Phone : +603 89926969 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 - 17:30 MYT
Web : http://www.mycert.org.my

Revision History:
Initial Release: 23rd December 2008